Zhibin Yang,Kai Hu,Dianfu Ma,Jean-Paul Bodeveix,Lei Pi,Jean-Pierre Talpin

DOI: https://doi.org/10.1016/j.jss.2014.02.058

IF: 3.5

2014-01-01

Journal of Systems and Software

Abstract:Architecture Analysis and Design Language (AADL) is an architecture description language standard for embedded real-time systems widely used in the avionics and aerospace industry to model safety-critical applications. To verify and analyze the AADL models, model transformation technologies are often used to automatically extract a formal specification suitable for analysis and verification. In this process, it remains a challenge to prove that the model transformation preserves the semantics of the initial AADL model or, at least, some of the specific properties or requirements it needs to satisfy. This paper presents a machine checked semantics-preserving transformation of a subset of AADL (including periodic threads, data port communications, mode changes, and the AADL behavior annex) into Timed Abstract State Machines (TASM). The AADL standard itself lacks at present a formal semantics to make this translation validation possible. Our contribution is to bridge this gap by providing two formal semantics for the subset of AADL. The execution semantics provided by the AADL standard is formalized as Timed Transition Systems (ITS). This formalization gives a reference expression of AADL semantics which can be compared with the TASM-based translation (for verification purpose). Finally, the verified transformation is mechanized in the theorem prover Coq. (C) 2014 Elsevier Inc. All rights reserved.

Zhibin Yang,Kai Hu,Dianfu Ma,Lei Pi

DOI: https://doi.org/10.1109/pic.2010.5687996

2010-01-01

Abstract:AADL (Architectural Analysis & Design Language) is an architecture description language standard for embedded real-time systems, and it is widely used in aerospace and other safety-critical applications. However, the AADL standard lacks at present a formal semantics. This paper proposes a formal semantics and a verification framework of AADL models with regard to mode change. The precise semantics of AADL mode change protocol is defined by a translation into the TASM (Timed Abstract State Machine) formalism. Then the translational semantics is automated in the AADL2TASM tool, which provides model checking and simulation for AADL models. Finally, the approach is validated with a case study of an automotive cruise control system.

Ehsan Ahmad,Yunwei Dong,Shuling Wang,Naijun Zhan,Liang Zou

DOI: https://doi.org/10.1007/978-3-319-15317-9_15

2015-01-01

Abstract:AADL is a Model-Based Engineering language for architectural analysis and specification of real-time embedded systems with stringent performance requirements (e.g. fault-tolerance, security, safety-critical etc.). However, core AADL lacks of a mechanism for modeling continuous evolution of physical processes which are controlled by digital controllers. In our previous work, we have introduced Hybrid Annex—an AADL extension for continuous behavior and cyber-physical interaction modeling based on Hybrid Communicating Sequential Processes (HCSP). In this paper, we present formal semantics of the synchronous subset of AADL models annotated with Hybrid Annex specifications using HCSP. The semantics are then used to verify correctness of AADL models (with Hybrid Annex specifications) using an in-house developed theorem prover — Hybrid Hoare Logic (HHL) prover.

Zhibin Yang,Kai Hu,Dianfu Ma,Lei Pi

DOI: https://doi.org/10.1109/date.2009.5090839

2009-01-01

Abstract:AADL is an Architecture Description Language which describes embedded real-time systems. Behavior annex is an extension of the dispatch mechanism of AADL execution model. This paper proposes a formal semantics for the AADL behavior annex using Timed Abstract State Machine (TASM). Firstly, the semantics of AADL default execution model is given, and then we formally define some aspects semantics of behavior annex. A prototype of real-time behavior modeling and verification is proposed, and finally, a case study will be given to validate the feasibility.

Chunxin Yang,Yunwei Dong,Fan Zhang,Ehsan Ahmad,Bin Gu

DOI: https://doi.org/10.1109/ICIS.2012.51

2012-01-01

Computer and Information Science

Abstract:AADL (Architecture Analysis Design Language) is a standardized and hierarchical modeling language which contributes to designing and analyzing architectures of both software and hardware of Embedded Real-Time Systems. However, the problems of AADL models are unenforceability and the absence of formal semantics, which limit formal analysis of attributes in AADL models. This paper proposes an approach to build formal semantics to AADL's software component models. We use Machine-Readable CSP as the formal language. Comparing with behaviors and relationships of processes in Machine-Readable CSP, we analyze features and interactions of various kinds of AADL software component. Some descriptive rules are made for certain applications of AADL software component. A case study illustrated by MBS (Multiple Buffering System) will be given to validate the feasibility. Properties of MBS such as deadlock, live lock, failure divergence relationship between specification and implementation are checked by the tool FDR.

zhibin yang,kai hu,yongwang zhao,dianfu ma,jeanpaul bodeveix

DOI: https://doi.org/10.13328/j.cnki.jos.004776

2015-01-01

Abstract:This paper presents a formal verification method for AADL (architecture analysis and design language) models by TASM (timed abstract state machine) translation. The abstract syntax of the chosen subset of AADL and of TASM are given. The translation rules are defined clearly by the semantic functions expressed in a ML-like language. Furthermore, the translation is implemented in the model transformation tool AADL2TASM, which provides model checking and simulation for AADL models. Finally, a case study of space GNC (guidance, navigation and control) system is provided.

MIAO De-cheng,XI Jian-qing,SU Jin-dian

DOI: https://doi.org/10.3969/j.issn.1007-130x.2012.07.017

2012-01-01

Abstract:AADL is a semi-formal modeling language based on components,which models software and hardware for large-scale complex software systems uniformly by structured description,and describes effectively system functional behaviors,non-functional attributes and architecture dynamic evolution in run-time,but some questions of AADL are required to further stduy and improve.This paper analyzes firstly the status quo of research for the AADL formal semantics,defines the formal language for the subset of the AADL process,makes a communication model for the subset of the AADL process,defines the concept of event formally,and clarifies the important role of event during the system status transformation,studies the behavioral semantics for the subset of the AADL process,and finally illustrates our advantages by contrasting with other literatures.This paper provides beneficial consultation for the development of AADL and its formal semantics and further improves the technology of architecture modeling and analysing for large-scale complex software systems.

Kai Hu,Teng Zhang,Zhibin Yang,Wei-Tek Tsai

DOI: https://doi.org/10.1016/j.sysarc.2015.02.003

2015-01-01

Abstract:hitecture Analysis and Design Language (AADL) is often used to model safety-critical real-time systems. Model transformation is widely used to extract a formal specification so that AADL models can be verified and analyzed by existing tools. Timed Abstract State Machine (TASM) is a formalism not only able to specify behavior and communication but also timing and resource aspects of the system. To verify functional and nonfunctional properties of AADL models, this paper presents a methodology for translating AADL to TASM. Our main contribution is to formally define the translation rules from an adequate subset of AADL (including thread component, port communication, behavior annex and mode change) into TASM. Based on these rules, a tool called AADL2TASM is implemented using Atlas Transformation Language (ATL). Finally, a case study from an actual data processing unit of a satellite is provided to validate the transformation and illustrate the practicality of the approach.

Abeer Saeed Abdo Hadad,Chunyan Ma,Adeeb Abdulwakeel Obadi Ahmed

DOI: https://doi.org/10.1109/access.2020.2987972

IF: 3.9

2020-01-01

IEEE Access

Abstract:AADL is widely used to depict the architecture and behavior of real-time safety-critical systems such as avionics and aerospace. The development of these systems has strict requirements for building fault-free systems. Formal verification is frequently applied to verify the critical properties of the systems, such as safety and liveness; however, the formal verification is not supported by AADL. Model transformation is commonly applied to provide formal semantics; hence, the AADL model can be verified by a language that supports formal verification in addition to the ability to cover all AADL model behavior. Event-B, with its proof obligation, is increasingly used to model and verify safety-critical systems. This paper presents the transformation of the AADL model into Event-B, which captures most AADL components and behavioral actions to be effective in the verification of current real-time systems models. Then, we define theorems and invariants of safety and liveness properties to be proven by using the RODIN platform. To demonstrate the efficacy of our method, we model the AADL of movement authority (MA) control of the Chinese Train Control System, transform the AADL model to Event-B and verify its crucial properties.

Yu Tan,Yongwang Zhao,Dianfu Ma,Xuejun Zhang

DOI: https://doi.org/10.1155/2022/2079880

2021-01-01

IOP Conference Series Earth and Environmental Science

Abstract:In safety-critical fields, architectural languages such as AADL (Architecture Analysis and Design Language) have been playing an important role, and the analysis of the languages and systems designed by them is a challenging research topic. At present, a formal method has become one of the main practices in software engineering for strict analysis, and it has been applied on the tools of formalization and analysis. The formal method can be used to find and resolve the problems early by describing the system with precise semantics and validating the system model. This article studies the comprehensive formal specification and verification of AADL with Behavior annex by the formal method. The presentation of this specification and semantics is the aim of this article, and the work is illustrated with an ARINC653 model case study in Isabelle/HOL.

Feng Zhang,Yongwang Zhao,Dianfu Ma,Wensheng Niu

DOI: https://doi.org/10.1109/access.2017.2770323

IF: 3.9

2017-01-01

IEEE Access

Abstract:AADL along with its Behavior Annex is an architecture and behavior description language for safety-critical domains, e.g. avionics, aerospace, and defence. In order to formally analyze behavior properties of AADL models, it is necessary to transform the AADL language into formal languages supported by formal verification tools. Moreover, comprehensive formal verification of AADL models highly requires that the transformation supports larger subset of the AADL language, as well as verification tools are able to capture various behavior of AADL, such as concurrency and timing. As an extended communicating sequential process (CSP), stateful timed CSP with its model checker-PAT provide an strongly expressive language and verification tool for real-time systems, distributed systems, and concurrent systems. This paper introduces a model transformation approach from a comparatively complete subset of AADL to stateful timed CSP, in particular supporting major components of AADL Behavior Annex. We propose a comprehensive set of transformation rules for AADL to stateful timed CSP. Then, we perform formal verification in PAT to analyze concurrent behavior properties of AADL models, such as safety, liveness, and trace refinement with various fairness assumptions, in which we consider time capacities, deadlines, periods of AADL threads and durations of AADL processes. As a study case, we develop an AADL model of F-16 “Auto Pilot Controller”and transform the model into Stateful Timed CSP. We specify a set of critical properties of the model and perform formal verification in PAT.

Teng Zhang,Zhibin Yang,Wei-Tek Tsai

2016-01-01

Abstract:Architecture Analysis and Design Language (AADL) is often used to model safety-critical real-time systems. Model transformation is widely used to extract a formal specification so that AADL models can be verified and analyzed by existing tools. Timed Abstract State Machine (TASM) is a formalism not only able to specify behavior and communication but also timing and resource aspects of the system. To verify functional and nonfunctional properties of AADL models, this paper presents a methodology for translating AADL to TASM. Our main contribution is to formally define the translation rules from an adequate subset of AADL (including thread component, port communication, behavior annex and mode change) into TASM. Based on these rules, a tool called AADL2TASM is implemented using Atlas Transformation Language (ATL). Finally, a case study from an actual data processing unit of a satellite is provided to validate the transformation and illustrate the practicality of the approach.

GuiLan Dai,Baowen Xu

1999-01-01

Abstract:AML is an Ada-based object-oriented modeling language. AML has advantages of formal languages and object-oriented graph languages, and overcomes the limits of existing modeling languages in modeling concurrency and nondeterminism of systems. In this paper we give its algebraic semantics of the class package and structure package which have explicit distinctness from Ada95.

Changde Li,Xingshe Zhou,Yunwei Dong

DOI: https://doi.org/10.1109/indusis.2010.5565667

2010-01-01

Abstract:AADL is an Architecture Description Language based on the MetaH language which describes an embedded system, as a collection of interacting components. This paper discusses the use of CSP for the specification of architectural models expressed in the modeling language AADL. This allows simulation of systems specified in AADL and application to these systems of formal verification techniques developed for CSP, e.g. deadlock detection. A prototype of behavior specification is proposed through the transformation semantics of flow and port connection. And finally, a case study is given to validate the feasibility.

Jian SUN,Min XU

DOI: https://doi.org/10.3969/j.issn.1673-629X.2016.04.009

2016-01-01

Abstract:AADL supports structural modeling for software and hardware,and imports non-functional attributes description such as real-time and reliability in embedded real-time system. During the process of MDD ( Model-Driven Development) ,it is of great significance for ensuring the system real-time performance and improving the efficiency of system development to find potential design problems on critical aspects in the model design stage. In order to analyze the flow latency of AADL models,a method is proposed taking the analysis of data flows of AADL to form a formal description of data flows. The mapping relationship from formal description to time automaton semantics is regarded as the definition of mapping rules. On building the timed automata of date flows,methods and samples are given to transform both simple and mixed flows into timed automata. In the transformation of mixed flows,a template of non-periodic thread is presented to support the comprehensive analysis of data flows. At last the reference query statements is given to verify the properties of the data flows,and the necessary experimental tests of time automaton model converted from data flows are carried out.

Hongyan Zhao,Huibiao Zhu,Feng Sheng,Jifeng He,Jonathan Bowen

DOI: https://doi.org/10.1145/3696432

2024-01-01

Formal Aspects of Computing

Abstract:Verilog is a hardware description language (HDL) that has become an industry-standard HDL of IEEE. Multithreaded discrete event simulation language (MDESL) is a Verilog-like language. Previously, we have studied the operational semantics and denotational semantics for MDESL. This paper investigates the soundness and completeness of the operational semantics for MDESL based on the denotational semantics. We introduce the concepts of transitional condition and phase semantics for each transition to show the relationship between a transition and variables in the denotational model. Then, we give the definition for the soundness and completeness of the operational semantics for MDESL. Based on our definition of the operational semantics of MDESL, we investigate the detailed theoretical proof for the soundness and completeness. Finally, a practical approach complements the theoretical one. We apply the proof assistant Coq to verify the soundness and completeness of the operational semantics for MDESL. Our research demonstrates the consistency between operational and denotational semantics for MDESL through theoretical and practical approaches.

Kai Hu,Teng Zhang,YANG Zhi-bin,Bin Gu,Shu Jiang,JIANG Pan-chang,胡凯,张腾,杨志斌,顾斌,蒋树,姜泮昌

2012-01-01

Abstract:Timed abstract state machine (TASM) is a formal specification language used to specify and simulate the behavior of real-time systems. Formal verification of TASM model can be fulfilled through model checking activities by translating into UPPAAL. Firstly, the translational semantics from TASM to UPPAAL is presented through atlas transformation language (ATL). Secondly, the implementation of the proposed model transformation tool TASM2UPPAAL is provided. Finally, a case study is given to illustrate the automatic transformation from TASM model to UPPAAL model. Copyright © 2012 Editorial Department of Journal of Donghua University.

Sarmen Keshishzadeh,Arjan J. Mooij,Jozef Hooman

DOI: https://doi.org/10.48550/arXiv.1511.08049

2015-11-25

Abstract:A domain specific language (DSL) abstracts from implementation details and is aligned with the way domain experts reason about a software component. The development of DSLs is usually centered around a grammar and transformations that generate implementation code or analysis models. The semantics of the language is often defined implicitly and in terms of a transformation to implementation code. In the presence of multiple transformations from the DSL, the consistency of the generated artifacts with respect to the semantics of the DSL is a relevant issue. We show that a formal semantics is essential for checking the consistency between the generated artifacts. We exploit the formal semantics in an industrial project and use formal techniques based on equivalence checking and model-based testing for consistency checking. We report about our experience with this approach in an industrial development project.

Software Engineering,Logic in Computer Science,Programming Languages

Zhang Yuanrui,Mallet Frédéric,Liu Zhiming

DOI: https://doi.org/10.1007/s11704-022-1374-4

IF: 2.6688

2022-01-01

Frontiers of Computer Science

Abstract:Synchronous model is a type of formal models for modelling and specifying reactive systems. It has a great advantage over other real-time models that its modelling paradigm supports a deterministic concurrent behaviour of systems. Various approaches have been utilized for verification of synchronous models based on different techniques, such as model checking, SAT/SMT sovling, term rewriting, type inference and so on. In this paper, we propose a verification approach for synchronous models based on compositional reasoning and term rewriting. Specifically, we initially propose a variation of dynamic logic, called synchronous dynamic logic (SDL). SDL extends the regular program model of first-order dynamic logic (FODL) with necessary primitives to capture the notion of synchrony and synchronous communication between parallel programs, and enriches FODL formulas with temporal dynamic logical formulas to specify safety properties -- a type of properties mainly concerned in reactive systems. To rightly capture the synchronous communications, we define a constructive semantics for the program model of SDL. We build a sound and relatively complete proof system for SDL. Compared to previous verification approaches, SDL provides a divide and conquer way to analyze and verify synchronous models based on compositional reasoning of the syntactic structure of the programs of SDL. To illustrate the usefulness of SDL, we apply SDL to specify and verify a small example in the synchronous model SyncChart, which shows the potential of SDL to be used in practice.

Feng Sheng,Huibiao Zhu,Jifeng He,Zongyuan Yang,Jonathan P. Bowen

DOI: https://doi.org/10.1145/3295699

IF: 3.685

2019-01-01

ACM Transactions on Software Engineering and Methodology

Abstract:Verilog is a hardware description language (HDL) that has been standardized and widely used in industry. Multithreaded discrete event simulation language (MDESL) is a Verilog-like language. It contains interesting features such as event-driven computation and shared-variable concurrency. This article considers how the algebraic semantics links with the operational semantics for MDESL. Our approach is from both the theoretical and practical aspects. The link is proceeded by deriving the operational semantics from the algebraic semantics. First, we present the algebraic semantics for MDESL. We introduce the concept of head normal form. Second, we present the strategy of deriving operational semantics from algebraic semantics. We also investigate the soundness and completeness of the derived operational semantics with respect to the derivation strategy. Our theoretical approach is complemented by a practical one, and we use the theorem proof assistant Coq to formalize the algebraic laws and the derived operational semantics. Meanwhile, the soundness and completeness of the derived operational semantics is also verified via the mechanical approach in Coq. Our approach is a novel way to formalize and verify the correctness and equivalence of different semantics for MDESL in both a theoretical approach and a practical approach.